Information within organizations and entities is often classified as sensitive either for business reasons or for legal reasons. This information may reside within text files, databases, images, pictures, etc. In addition to the potential threat of an unscrupulous party illegally accessing the organization from the outside via an electronic network, and then removing or disrupting the information, there exists the risk of intentional or inadvertent transmission of the sensitive information from inside the organization to the outside. For example, a disgruntled employee might send a sensitive data file to which he or she has access to an outside party via e-mail, thus causing harm to the organization.
In addition to simple business reasons for not wanting sensitive information to be released, i.e., the desire to keep trade secrets secret, many new government regulations mandate controls over information (requiring the sensitive information not to be released outside the company), and companies must comply in view of significant penalties. For example, HIPAA regulates health information, Basel II regulates financial information, Sarbanes-Oxley regulates corporate governance, and a large number of states have passed data privacy laws requiring organizations to notify consumers if their information is released.
Companies are even subject to a regular information technology audit which they can fail if they do not employ suitable controls and standards.
Technology companies have reacted to this environment with a host of data loss prevention (DLP) products. These products are typically hardware/software platforms that monitor for sensitive information and prevent it from being leaked outside the company. DLP products are also known as data leak prevention products, information leak prevention products, etc. Gateway-based DLP products are typically installed at the company's Internet network connection and analyze outgoing network traffic for unauthorized transmission of sensitive information. These products typically generate a unique signature of the sensitive information while it is stored within the company, and then search for these signatures as information passes out over the network boundary. Host-based DLP products typically run on end-user workstations within the organization. These products can address internal as well as external release of information and can also control information flow between groups of users within an organization. These products can also monitor electronic mail and instant messaging communications and block them before they are sent.
This prior art technology uses digital signatures, digital fingerprints, regular expressions or even keywords to determine which computer files are important and should be prevented from being leaked from an organization. Although this technology can prevent a user from moving a file outside the organization, it cannot track the usage of the computer file or its current location. Another disadvantage of this prior art technology (based upon signatures and regular expressions, for example) is that it is not effective enough to deal with the intentional or malicious leakage of files from an organization. Furthermore, such technology is completely separate from malware scanning, spam detection and other scanning and filtering techniques. The disadvantage is that a particular suspect file may undergo multiple scans to determine if it is malware, if it is spam, if it is an important file that should not be leaked, etc., thus wasting CPU cycles.
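The content-matching approach described above (fingerprints generated from stored sensitive information, then looked up in outgoing traffic, alongside regular expressions) can be sketched as follows. This is an added example, not code from the original text or from any DLP product; the class and function names, the 5-word shingle size, the 0.3 threshold and all sample messages are assumptions constructed for illustration.

```python
import hashlib
import re

K = 5  # words per shingle (assumed window size)

def shingles(text, k=K):
    """Overlapping k-word windows of the normalised text."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    if not words:
        return set()
    return {" ".join(words[i:i + k]) for i in range(max(len(words) - k + 1, 1))}

def fingerprint(text):
    """One truncated SHA-256 digest per shingle; the gateway stores only these."""
    return {hashlib.sha256(s.encode()).hexdigest()[:16] for s in shingles(text)}

class GatewayDLP:
    def __init__(self, patterns, threshold=0.3):
        self.patterns = {n: re.compile(rx) for n, rx in patterns.items()}
        self.threshold = threshold   # share of a document's shingles that triggers a block
        self.docs = {}               # document name -> fingerprint set

    def register(self, name, text):
        self.docs[name] = fingerprint(text)

    def inspect(self, payload):
        """Return (verdict, findings) for one outgoing message body."""
        seen = fingerprint(payload)
        findings = [("fingerprint", n) for n, fp in sorted(self.docs.items())
                    if fp and len(fp & seen) / len(fp) >= self.threshold]
        findings += [("pattern", n) for n, rx in sorted(self.patterns.items())
                     if rx.search(payload)]
        return ("block" if findings else "allow"), findings

# Constructed sample data, not from the original text.
SENSITIVE = ("Project Falcon pricing: the unit cost for the new controller is 41 dollars "
             "and the launch date is moved to the third quarter pending supplier approval")
LEAK = ("Hi Sam, fyi: the unit cost for the new controller is 41 dollars and the "
        "launch date is moved. Keep it quiet.")
BENIGN = "Lunch on Friday? The new place on Main Street is good."
RECORD = "Customer record: SSN 123-45-6789 on file."

def build_gateway():
    gw = GatewayDLP({"us_ssn": r"\b\d{3}-\d{2}-\d{4}\b"})
    gw.register("falcon-pricing", SENSITIVE)
    return gw

if __name__ == "__main__":
    gw = build_gateway()
    for msg in (LEAK, BENIGN, RECORD):
        print(gw.inspect(msg))
```

The verdict is a function of the message content alone: nothing in it records who handled the registered document or where copies of it currently reside, which is the tracking gap noted above.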
In order to effectively enforce a security policy, a computer network administrator needs to know where computer files and data are flowing and who has used or touched such files and data. Accordingly, a system and technique to meet these needs and address the disadvantages in the prior art is desired.